Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 518
Alerts This Week
Warning Icon 1 518

Ubuntu 12.10 LTS: USN-1642-1 Critical Lynx Issues Detected

ubuntu
Calendar Grey November 29, 2012
Scroller Ubuntu
Immediate security patches for Lynx in Ubuntu address severe vulnerabilities linked to buffer overflow and potential Man-In-The-Middle threats.
Two security issues were fixed in Lynx.

Summary

Two security issues were fixed in Lynx.

Software Description:

- lynx-cur: Text-mode WWW Browser with NLS support

Details:

Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user

were tricked into opening a specially crafted page, a remote attacker could

cause a denial of service via application crash, or possibly execute

arbitrary code as the user invoking the program. This issue only affected

Ubuntu 10.04 LTS. (CVE-2010-2810)

It was discovered that Lynx did not properly verify that an HTTPS

certificate was signed by a trusted certificate authority. This could allow

an attacker to perform a "man in the middle" (MITM) attack which would make

the user believe their connection is secure, but is actually being

monitored. This update changes the behavior of Lynx such that self-signed

certificates no longer validate. Users requiring the previous behavior can

use the 'FORCE_SSL_PROMPT' option in lynx.cfg. (CVE-2012-5821)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.10:
  lynx-cur                        2.8.8dev.12-2ubuntu0.1

Ubuntu 12.04 LTS:
  lynx-cur                        2.8.8dev.9-2ubuntu0.12.04.1

Ubuntu 11.10:
  lynx-cur                        2.8.8dev.9-2ubuntu0.11.10.1

Ubuntu 10.04 LTS:
  lynx-cur                        2.8.8dev.2-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-1642-1

CVE-2010-2810, CVE-2012-5821

Severity
critical
Lowest
Low
Medium
High
Critical

=========================================================================Ubuntu Security Notice USN-1642-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.